ICO imposes £325,000 fine on trust for losing sensitive data

The UK's data protection watchdog, the Information Commissioner's Office (ICO), has imposed a fine of £325,000, which is the highest fine ever, on the Brighton and Sussex University Hospitals NHS Trust for losing sensitive data.

The fine was imposed after it was found that sensitive data of patients from the trust was sold on eBay. The trust had failed to make sure hard drives containing the information were erased before the computers were handed over to the contractors. The data included patients' medical conditions, such as sexually transmitted diseases and treatment, disability living allowance forms and children's reports.

The Trust's IT service provider, Sussex Health Informatics Service, was responsible for erasing information on 1,000 hard drives in 2010. The devices were kept in a room that could only be accessed by a key code at Brighton General Hospital.

However, the trust handed the job to an unnamed individual sub-contractor, who reportedly failed to erase the data and took out 252 drives from the hospital. Most of the data was available on the internet during October and November 2010. The trust said that the sub-contractor was arrested by the authorities but has not been charged yet.